Whether you have a small business with a single location, or a large enterprise with multiple branch offices, you need a firewall that provides the performance and cost that fits the needs of a small office, yet delivers enterprise-strength security without compromise.
The ASA 5500 Series Adaptive Security Appliances were designed with this in mind. They are available in a wide range of sizes and performance levels to fit your network and budget, while offering the same proven level of security that protects some of the largest networks at some of the most security conscious companies in the world. Read more about the ASA 5500 Series for small offices and branch offices.
| Cisco ASA Model | ASA 5505 | ASA 5510 | ASA 5512-X | ASA 5515-X |
|---|---|---|---|---|
 |
 |
 |
|
|
| Firewall Throughput (Max)1 | 150 Mbps | 300 Mbps | 1 Gbps | 1.2 Gbps |
| Firewall Throughput (Multi-Protocol) | - | - | 500 Mbps | 600 Mbps |
| Concurrent Threat Mitigation Throughput (Firewall + IPS Services) | 75 Mbps with AIP SSC-5 | 150 Mbps with AIP SSM-10; 300 Mbps with AIP SSM-20 | 250 Mbps | 400 Mbps |
| Maximum Firewall Connections | 10,000 /25,000 | 50,000 /130,000 | 100,000 | 250,000 |
| Maximum Firewall Connections/Second | 4,000 | 9,000 | 10,000 | 15,000 |
| Packets per second (64 byte) | 85,000 | 190,000 | 450,000 | 500,000 |
| Maximum 3DES/AES VPN Throughput2 | 100 Mbps | 170 Mbps | 200 Mbps | 250 Mbps |
| Maximum Site-to-Site and IPsec IKEv1 Client VPN User Sessions | 10/25 | 250 | 250 | 250 |
| Maximum AnyConnect or Clientless VPN User Sessions | 25 | 250 | 250 | 250 |
| Bundled SSL VPN User Sessions | 2 | 2 | 2 | 2 |
| VLANs | 3 (trunking disabled) /20 (trunking enabled) | 50 / 100 | 50 | 100 |
| High-Availability Support3 | Not supported | A/A and A/S | Not supported | A/A and A/S |
1 Maximum throughput measured under ideal test conditions
2VPN throughput and sessions count depend on the ASA device configuration and VPN traffic patterns. These elements should be taken in to consideration as part of your capacity planning
3 A/A = Active/Active; A/S = Active/Standby
Whether you have a small business with single location, or a large enterprise with multiple branch offices, you need a firewall that provides the performance and cost that fits the needs of a small office, yet delivers enterprise-strength security without compromise.
The ASA 5500 Series Adaptive Security Appliances were designed with this in mind. They are available in a wide range of sizes and performance levels to fit your network and budget, while offering the same proven level of security that protects some of the largest networks at some of the most security-conscious companies in the world. Read more about the ASA 5500 Series for the Internet edge.
| Cisco ASA Model | ASA 5520 | ASA 5525-X | ASA 5540 | ASA 5545-X | ASA 5550 | ASA 5555-X |
|---|---|---|---|---|---|---|
|
|
|
|
 |
|
|
| Firewall Throughput (Max)1 | 450 Mbps | 2 Gbps | 650 Mbps | 3 Gbps | 1.2 Gbps | 4 Gbps |
| Firewall Throughput (Multi-Protocol) | - | 1 Gbps | - | 1.5 Gbps | - | 2 Gbps |
| Concurrent Threat Mitigation Throughput (Firewall + IPS Services) | 225 Mbps with AIP SSM-10; 375 Mbps with AIP SSM-20; 450 Mbps with AIP SSM-40 | 600 Mbps | 500 Mbps wth AIP SSM-20; 650 Mbps with AIP SSM-40 | 900 Mbps | Not Available | 1.3 Gbps |
| Maximum Firewall Connections | 280,000 | 500,000 | 400,000 | 750,000 | 650,000 | 1,000,000 |
| Maximum Firewall Connections/Second | 12,000 | 20,000 | 25,000 | 30,000 | 33,000 | 50,000 |
| Packets per second (64 byte) | 320,000 | 700,000 | 500,000 | 900,000 | 600,000 | 1,100,000 |
| Maximum 3DES/AES VPN Throughput2 | 225 Mbps | 300 Mbps | 325 Mbps | 400 Mbps | 425 Mbps | 700 Mbps |
| Maximum Site-to-Site and IPsec IKEv1 Client VPN User Sessions | 750 | 750 | 5,000 | 2,500 | 5,000 | 5,000 |
| Maximum AnyConnect or Clientless VPN User Sessions | 750 | 750 | 2,500 | 2,500 | 5,000 | 5,000 |
| Bundled SSL VPN User Sessions | 2 | 2 | 2 | 2 | 2 | 2 |
| VLANs | 150 | 200 | 200 | 300 | 400 | 500 |
| High-Availability Support3 | A/A and A/S | A/A and A/S | A/A and A/S | A/A and A/S | A/A and A/S | A/A and A/S |
1 Maximum throughput measured under ideal test conditions
2VPN throughput and sessions count depend on the ASA device configuration and VPN traffic patterns. These elements should be taken in to consideration as part of your capacity planning
3 A/A = Active/Active; A/S = Active/Standby
As borderless networks continue to evolve and applications become increasingly dynamic in nature, firewalls must be capable of spanning multiple platforms, technologies, and deployment scenarios - including physical and virtual platforms. Cisco offers a wide range of network security solutions to protect networks of all shapes and sizes. These solutions combine a leading-edge firewall with a full complement of security services to protect corporate networks while providing users with secure access to data - anytime, anywhere, using any device. Read more about the Cisco ASA 5500 Series for the Enterprise.
| ASA 5585-X with SSP10 | ASA 5585-X with SSP20 | ASA 5585-X with SSP40 | ASA 5585-X with SSP60 | ASA Services Module | |
|---|---|---|---|---|---|
 |
|
|
|
 |
|
| Firewall Throughput (Max)1 | 4 Gbps | 10 Gbps | 20 Gbps | 40 Gbps | 20 Gbps |
| Firewall Throughput (Multi-Protocol) | 2 Gbps | 5 Gbps | 10 Gbps | 20 Gbps | 16 Gbps |
| Maximum Firewall Connections | 1,000,000 | 2,000,000 | 4,000,000 | 10,000,000 | 10,000,000 |
| Maximum Firewall Connections/Second | 50,000 | 125,000 | 200,000 | 350,000 | 300,000 |
| Packets Per Second (64 byte) | 1,500,000 | 3,000,000 | 5,000,000 | 9,000,000 | 5,000,000 |
| Maximum 3DES/AES VPN Throughput2 | 1 Gbps | 2 Gbps | 3 Gbps | 5 Gbps | Available mid CY2012 |
| Maximum Site-to-Site and IPsec IKEv1 Client VPN User Sessions | 5,000 | 10,000 | 10,000 | 10,000 | Available mid CY2012 |
| Maximum AnyConnect or Clientless VPN User Sessions | 5,000 | 10,000 | 10,000 | 10,000 | Available mid CY2012 |
| Bundled SSL VPN User Session | 2 | 2 | 2 | 2 | Available mid CY2012 |
| VLANs | 1,024 | 1,024 | 1,024 | 1,024 | 1,000 |
| High-Availability Support3 | A/A and A/S | A/A and A/S | A/A and A/S | A/A and A/S | A/A and A/S |
1 Maximum throughput measured under ideal test conditions
2VPN throughput and sessions count depend on the ASA device configuration and VPN traffic patterns. These elements should be taken in to consideration as part of your capacity planning
3 A/A = Active/Active; A/S = Active/Standby